Tag: russia
-
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
by
in SecurityNewsEntities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT.”The file names use Russian words related to the movement of troops in Ukraine as a lure,” Cisco Talos researcher Guilherme Venere said in a report published last week. “The PowerShell downloader contacts geo-fenced…
-
Gamaredon Exploits Troop Movement Lures to Spread Remcos via DLL Sideloading
A new targeted malware campaign linked to the Russian state-aligned group Gamaredon is exploiting Windows shortcut (.LNK) files First seen on securityonline.info Jump to article: securityonline.info/gamaredon-exploits-troop-movement-lures-to-spread-remcos-via-dll-sideloading/
-
Russian Intelligence Impersonates CIA in Phishing Attacks
by
in SecurityNewsSilent Push Threat Analysts uncover a multi-cluster phishing operation leveraging fake CIA and anti-Putin group websites to harvest First seen on securityonline.info Jump to article: securityonline.info/russian-intelligence-impersonates-cia-in-phishing-attacks/
-
Russian Hackers Impersonate CIA to Steal Ukrainian Defense Intelligence Data
by
in SecurityNewsIn a complex cyber operation discovered by Silent Push Threat Analysts, Russian hackers have launched a multi-pronged phishing campaign impersonating various organizations, including the CIA, to gather intelligence on individuals sympathetic to Ukraine’s defense efforts. The campaign, believed to be orchestrated by Russian Intelligence Services or aligned actors, utilizes a network of fraudulent websites to…
-
Firefox fixes flaw similar to Chrome zero-day used against Russian organizations
by
in SecurityNewsDevelopers of Mozilla’s Firefox say that reports on a Google Chrome zero-day vulnerability led them to find a similar bug for the Windows version of their browser. First seen on therecord.media Jump to article: therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day
-
After Chrome patches zero-day used to target Russians, Firefox splats similar bug
Single click on a phishing link in Google browser blew up sandbox on Windows First seen on theregister.com Jump to article: www.theregister.com/2025/03/28/google_kaspersky_mozilla/
-
Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
by
in SecurityNewsThe phishing campaign is highly sophisticated! First seen on hackread.com Jump to article: hackread.com/russia-phishing-fake-cia-sites-anti-war-ukraine-supporters/
-
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
by
in SecurityNewsFirefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day. The post Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/firefox-affected-by-flaw-similar-to-chrome-zero-day-exploited-in-russia/
-
Leaked Black Basta chat logs indicate ties to Russian officials
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/leaked-black-basta-chat-logs-indicate-ties-to-russian-officials
-
Russian internet provider purportedly breached by Ukrainian hacktivists
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/russian-internet-provider-purportedly-breached-by-ukrainian-hacktivists
-
Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes
by
in SecurityNewsRussian authorities said they arrested three people and seized hardware in an operation against Mamont malware, which specializes in stealing money from Android device users. First seen on therecord.media Jump to article: therecord.media/mamont-banking-malware-arrests-russia
-
Russian Espionage Group Using Ransomware in Attacks
by
in SecurityNewsRussian-speaking espionage group RedCurl has been deploying ransomware on victims’ networks in a recent campaign. The post Russian Espionage Group Using Ransomware in Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-espionage-group-using-ransomware-in-attacks/
-
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
by
in SecurityNews“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday. First seen on therecord.media Jump to article: therecord.media/russian-media-academia-targeted-in-espionage-campaign
-
Cyberangriff auf ein Mineralöl-Unternehmen in Russland
by
in SecurityNewsRussian Lukoil hit by large-scale cyberattack First seen on newsukraine.rbc.ua Jump to article: newsukraine.rbc.ua/news/russian-lukoil-hit-by-large-scale-cyberattack-1742981848.html
-
Raspberry Robin: From Copy Shop Worm to Russian GRU Cyber Tool
Raspberry Robin, also known as Roshtyak or Storm-0856, has evolved from a simple worm targeting copy shops to First seen on securityonline.info Jump to article: securityonline.info/raspberry-robin-from-copy-shop-worm-to-russian-gru-cyber-tool/
-
Raspberry Robin: From Copy Shop Worm to Russian GRU Cyber Tool
Raspberry Robin, also known as Roshtyak or Storm-0856, has evolved from a simple worm targeting copy shops to First seen on securityonline.info Jump to article: securityonline.info/raspberry-robin-from-copy-shop-worm-to-russian-gru-cyber-tool/
-
Russian Ransomware Gang Exploited Windows Zero-Day Before Patch
by
in SecurityNewsExploitation of Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub) The post Russian Ransomware Gang Exploited Windows Zero-Day Before Patch appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-ransomware-gang-exploited-windows-zero-day-before-patch/
-
Windows MMC Framework Zero-Day Exploited to Execute Malicious Code
by
in SecurityNewsTrend Research has uncovered a sophisticated campaign by the Russian threat actor Water Gamayun, exploiting a zero-day vulnerability in the Microsoft Management Console (MMC) framework. The vulnerability, dubbed MSC EvilTwin (CVE-2025-26633), allows attackers to execute malicious code on infected machines. The attack manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and…
-
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
by
in SecurityNewsThe Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor’s tradecraft.The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt.RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating First…
-
Russian threat actor weaponized Microsoft Management Console flaw
by
in SecurityNewsA threat actor known as “EncryptHub” began exploiting the zero-day vulnerability before it was patched earlier this month. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/russian-threat-actor-weaponizing-microsoft-management-console-zero-day/743558/
-
CVE-2025-2783: Chrome Zero-Day Targets Russian Organizations
by
in SecurityNewsGoogle Issues Emergency Patch for Chrome Zero-Day Exploit Google has released an urgent security update for its Chrome browser on Windows after uncovering a critical vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2025-2783, involves… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-2783-chrome-zero-day/
-
Austria uncovers alleged Russian disinformation campaign spreading lies about Ukraine
by
in SecurityNewsThe campaign was identified during an investigation into a Bulgarian woman accused of spying for Russia earlier this year. First seen on therecord.media Jump to article: therecord.media/austria-uncovers-russian-disinfo-campaign
-
Google fixes Chrome zero-day exploited in espionage campaign
by
in SecurityNewsGoogle has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser’s sandbox and deploy malware in espionage attacks targeting Russian organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/
-
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
by
in SecurityNewsGoogle has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on…
-
Lengthy disruption of Russian internet provider claimed by Ukrainian hacker group
A multi-day outage of internet services by Lovit, a widely used provider in cities such as Moscow and St. Petersburg, was claimed by the IT Army, a pro-Ukraine hacking group. First seen on therecord.media Jump to article: therecord.media/russia-isp-lovit-outages-claimed-ukraine-it-army
-
CVE-2025-26633: Water Gamayun Exploits Windows MMC in Active Zero-Day Campaign
by
in SecurityNewsA zero-day vulnerability tracked as CVE-2025-26633 is being actively exploited in the wild by a sophisticated Russian-linked threat First seen on securityonline.info Jump to article: securityonline.info/cve-2025-26633-water-gamayun-exploits-windows-mmc-in-active-zero-day-campaign/
-
Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker
A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin.”Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia,” Silent Push said in a…
-
Meet the Low-Key Access Broker Supercharging Russian State Cybercrime
by
in SecurityNewsRaspberry Robin breaks into organizations and sells access to Russian threat actors, including the military cyber unit behind attempted coups, assassinations, and influence operations throughout Europe. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/access-broker-russian-state-cybercrime